8:00 Registration and breakfast

8:50 Chair’s opening remarks


9:00 Implementing resilience within an operational risk framework to view risk holistically

Session details 

  • Bringing impact tolerances alongside risk management
  • Condensing for senior management and the board to understand
  • Addressing and prioritizing risks and remediating
  • Removing fragmentation and siloed nature of managing risk
  • Managing jurisdictional disparities
  • PRA regulatory requirements for operational resilience
  • Complying with the European Digital Operational Resilience Act (DORA)
  • Remediating resilience vulnerabilities identified

Dean Berney, Head of Operational Resilience, Legal & General Investment Management
 Javier Martinez, former Head of Operational Risk and Resilience, Bank of England
Ameet Jugnauth, Cyber Governance and Risk Director, Capital One


9:45 Continuation of operational resilience to include identification and management of critical third parties

Session details 

  • Reviewing credit worthiness of third-party suppliers
  • Managing cloud risk as a third-party risk
  • Management of financial market infrastructure providers
  • Updated EBA guidelines on third party and outsourcing management
  • Understanding the importance of exit planning and the difficulty to replace suppliers
  • The linkage of third-party vendor management to cybercrime and data privacy
  • Ensuring correct controls in place to manage third parties
  • Understanding your vulnerabilities to third and fourth parties
  • Identifying concentration risks in your third parties 

10:20 Morning refreshment break and networking


10:50 Managing growing supply chain complexity and applying security frameworks to mitigate disruption

Session details 

    • Developing point in time assurance processes
    • Reaction time after a notification and assessment of risk
    • Inclusion operational resilience requirements
      • Identifying important business services and tolerances
    • Managing supply chain concentration
    • Exiting markets as a result of geopolitical tension
      • Identifying supply chain exposure
    • Reviewing Covid as the catalyst for global supply chain issues
    • Reviewing how cyber-attacks can and have disrupted supply chains

Hazel Diez Castaño, Global Head of Cyber GRC & CISO Central Services, Banco Santander


11:25 Monitoring sequences of events to determine operational risks amidst increased geopolitical uncertainty

Session details 

        • Interconnected nature of political risks: Interaction with supplier and cyber risks
        • Exit planning across certain jurisdictions
        • Managing continued economic shocks
          • Brexit, Covid-19, Russia/Ukraine conflict, energy crisis etc…
        • Developing meaningful scenario analysis capabilities
        • Managing political instability globally
          • Externally and within UK politics
        • Impact of energy crisis on consumer behavior
        • Viewing geopolitical risk as a driver of operational risk
        • Ensuring sufficient controls are in place to combat geopolitical risks

Prash Patel, Head of Operational Risk Markets & Banking, Barclays Investment Bank
Merlin Linehan, Risk Manager, EBRD

12:10 Lunch break and networking


1:10 Managing risks migrating to cloud and infrastructure changes to leverage service

Session details 

    • Communicating risk to the board
    • Enhancing agility to update technology infrastructure
    • Consequences of errors in a cloud environment
    • Understanding the size and capability shift with migrating to cloud
    • Ensuring the security controls and frameworks extends to cloud providers
    • Introduction of European Union Cybersecurity Certification Scheme on Cloud Services (EUCS)
    • Increased regulatory requirements when working with cloud providers
    • Ensuring necessary workforce to manage the change to cloud

 Ecem Karaman, Vice President, Cybersecurity, JPMorgan Chase & Co.


1:45 Leveraging data across operational risk to identify emerging risks and achieve strategic business goals

Session details 

  • Interpretation and analysis of data
    • Leveraging to inform business decisions
  • Maintaining data integrity: Ensuring sources are accurate, reliable, sustainable and repeatable
  • Assessing the use of increased personal data organizations have access to
  • Using different systems to store data
  • Ensuring the correct tools and capabilities to manage data
  • Data risk from technology transformation
  • Increased regulatory scrutiny and fine potential.
  • Maintaining security and control over data

Ian Phoenix, Director of Intelligence & Digital Data, Technology, & Innovation, FCA (tbc)


2:20 Managing the changing pace of technology and staying ahead of customer expectations

Session details 

      • Movement towards enterprise adoption of DLT
      • Automating decision making
      • Recruiting and retaining risk technology talent
      • Managing the constant changing pace of technology
      • Assessing the correct approach to adopting new technologies
      • Increased use of automation and the threats it is susceptible to
      • Strategizing against cyber risk during digital transformation
      • Importance of technological changes to enhance service provided
      • Importance of building out control level when enhancing technology

 Stefana Brown, CRO, UK Protection & Fintech & IT and Data Protection Risk Director, Legal & General
 Shabbir B Tahasildar, Head of Technology Risk Control, Handelsbanken plc


3:05 Identifying use cases for AI and machine learning and understanding outputs

Session details 

      • Overseeing and controlling decisions
      • Identification techniques to remove bias
      • Managing information risk and use of data
      • Understanding how AI and Machine Learning works
      • Automating decision making processes
      • Reviewing processes when technology makes unexpected decisions
      • Leveraging for pattern analysis to prevent fraud
      • Operational risks of using AI and Machine Learning

3:40 Afternoon refreshment break and networking


4:10 Introduction of the FCA’s new consumer duty obligation: Understanding requirements for implementation

Session details 

      • Assessing what institutions need to do in order to meet consumer duty
      • Effectively executing and fully implementing plans
      • Demonstrating full compliance with rules that are effective July 2023
      • Challenges of adhering to the consumer duty obligation in a downturn environment
      • Implementing enhanced protections for the customer
      • Assessing how consumer behavior could impact the industry.
      • Variations across insurance and banking

 Catherine Levy, former Group Head of Risk Framework, Compliance, HSBC


4:45 Reviewing the interplay of non-financial risks within other risk silos and gaining a holistic view

Session details 

      • Increased complexity of interplay of risks
      • Identifying connections across risks and events
      • Understanding true exposure and connection
      • Enhancing decision making and efficiency
      • Comparing the drivers and consequences of different risks
      • Re-aligning culture to better asses risk holistically.

Adrian Furniss, Head of Risk, Conduct Compliance & Operational Risk, Lloyds Banking Group

5:20 Chair’s closing remarks
5:30 End of day 1 and networking drinks reception

8:00 Registration and breakfast

8:50 Chair’s opening remarks


9:00 Enhancing strategic change management practices to stay ahead of external events

Session details 

      • Executing change across businesses
      • Managing operational risks alongside change
      • Business change in a volatile economic environment
      • Enhancement of technology in day to day business
      • Reviewing how geopolitical impacts can change business
      • Leveraging data to become predictive of future business change

Sean Miles, Head of Operational Risk, Shawbrook Bank


9:35 Adapting control frameworks to reflect continued change in working environments

Session details 

        • Effectiveness of internal control frameworks
        • Ensuring control framework is fit for purpose
        • Impact of hybrid working on control frameworks
        • Importance of an enhanced controls framework in a digitized environment
        • Incorporating governance into your framework
        • Identifying potential weaknesses or gaps in frameworks
        • Managing recovery, restructure and wind down plan (RRWP)
        • Evaluating the aftermath of Covid-19 and impact on controls

10:10 Morning refreshment break and networking


10:40 Developing measurement techniques to ensure risk culture and organizational culture align

Session details 

      • Reviewing the importance of conducting culture and behavior assessments
      • Reinforcement of a healthy organizational culture for employees to work in
      • Incorporating diversity across the culture of an institution
      • Defining behavior and culture of your employees
      • Raising the profile of risk culture
      • Building a risk culture dashboard
      • Implementing behavior assessments.

Lisa McArthur, Head of Conduct, Compliance & Op Risk Standards and Capability, Lloyds Banking Group
Sucharita Banerjee Lodha, Head of ERM Operations, Governance and Reporting, AIG
Jonny Weare, Head of Conduct, Danske Bank


11:25 Managing people/human capital risks alongside the pace of change

Session details 

        • Ensuring teams are healthy, focused and engaged
        • Managing people alongside the pace of change
        • Impact of external events on people risk
        • Aligning pay with the cost of living
        • Oversight and supervision capabilities
        • Identifying, attracting and retaining the right skills
        • Assessing how hybrid working can make it difficult to integrate new employees

Gary Savill, Head of ERM Programme Delivery, Starr Insurance


12:00 Reviewing the impact of economic volatility on operational risks

Session details 

        • Talent to manage current economic conditions
        • Managing customers facing financial difficulty
        • Volatility as key driver of increased risk
          • Fraud, misconduct, rogue trading etc…
        • Understanding and predicting potential impacts to customers
        • Impact of interest rates, inflation and energy limitations on operational functions
        • Correlation between economic downturns and emergence of operational risk incidents
        • Ensuring products are able to operate in a volatile economic environment.

Michael Grimwade, MD, Operational Risk, ICBC Standard Bank 

12:35 Lunch break and networking


1:35 Managing cyber risk exposure and increased threat with ongoing global tensions and supply chain reliance

Session details 

  • Increased risk of supply chain attacks
  • SolarWinds case study
  • Increased vulnerability with heighted reliance on third parties
  • Exploitation of Russia/Ukraine conflict
  • Educating users on ransomware risks
  • Managing underlying reputation risks
  • Alignment with resilience and impact tolerances
  • Management after a cyber event
    • Lessons learned and recovery
  • Educating employees and customers on cyberattacks.
  • Ensuring there is sufficient cyber security controls and capabilities


2:10 Reviewing the increased focus on climate change and reflecting within operational risk

Session details 

  • Managing range of climate change scenarios
    • Transmission of climate change scenarios into operational risk scenarios
  • Availability of data
  • Impact of climate change on reputation of banks
  • Importance of climate risk assessments to avoid operational risks
  • Reviewing physical and transition risks
  • Ensuring climate risk is prioritized alongside other operational risks
  • Importance of keeping up with the pace of change in climate risk
  • Increased regulatory focus on climate risk from the ECB

Anit Deb, Head of External Industry Coverage for Non-Financial Risk, Deutsche Bank
Phil Cliff, Head of Climate, M&G Investments
Vasiliki Basiou, VP, NFR Climate Change and Regulatory Initiatives, Credit Suisse

2:55 Afternoon refreshment break and networking


3:25 Reviewing how the current climate could influence rates of fraud and financial crime

Session details 

  • Assessing how geopolitical actions are impacting the level of financial crime
  • Ensuring the right controls are in place to keep up with ever increasing challenge of sanctions
  • Mitigation measurements put in place against the heightened fraud landscape
  • Anticipating how new sanctions can impact your business model
  • Addressing the potential increase of insider threat / internal fraud
  • Reviewing the unexplored operational and cyber risks of digital assets
  • Managing increasing global sanctions environment
  • Impact of sanctions on operational model
  • Understanding impact of changes on business model.


4:00 Auditing non financial risk frameworks from a 3rd line of defence perspective

Session details 

  • Best practice for auditing Non-Financial Risk Frameworks from both 1LOD and 2LOD
  • Effectively using data and analytics to support a testing approach
  • Focus on testing to apply a horizontal and vertical lens to identify common read-across themes
  • Increasing importance on independent review and challenge provided by Risk SMEs in 2LOD
  • Assessing adequacy and effectiveness of the what and how elements in the design of Non-Financial Risk Framework’s

Sanjeev Tuli, Regional Head of Global Operational Risk Audit, HSBC

4:35 Chair’s closing remarks

4:40 End of Summit